56 citations found.
Lunt T.F. (1993) A Survey of Intrusion Detection Techniques, Computers and Security, 12, 405-418.


This paper is cited in the following contexts:


Masquerade Detection Using Truncated Command Lines - Maxion, Townsend (2002)   (4 citations)

....system log or accounting log data. Examples of the kinds of information derived from these (and other) logs are: time of login, physical location of login, duration of user session, cumulative CPU time, particular programs executed, names of files accessed, user commands issued, and so forth [7]. When a deviation from normal behavior is observed, a masquerade (or other misuse) attempt is suspected. To facilitate comparison with other work, this study employs truncated user command lines (no arguments) as data. There have been several attempts to tackle the problem of detecting ....

T. F. Lunt. A survey of intrusion-detection techniques. Computers & Security, 12(4):405--418, June 1993.


Identifying Significant Features for Network Forensic.. - Mukkamala, Sung (2003)   (1 citation)

....and selection, which is itself a problem of great interest in building models based on experimental data. Ware and Steven Levy pointed out the need for computer security in the early 80's [1,2]. Since most of the intrusions can be located by examining patterns of user activities and audit records [3], many computer forensic tools have been built by utilizing the recognized attack and misuse patterns, which requires human intervention. In our recent work on offline intrusion analysis, artificial intelligence techniques are developed to automate the process by reducing human intervention. SVMs ....

Lunt, Teresa F. "A Survey of Intrusion Detection Techniques," Computers and Security 12, 4 (June 1993), pp 405-418.


Opponent Modeling By Analysing Play - Ramon, Jacobs, Blockeel

....hard to read for humans. Moreover, the representation of the opponent model will make it hard to use these techniques to represent user models in more complex games such as go. Research in the opponent modeling domain bears some resemblance with other research domains such as intrusion detection [9] basically learning to distinguish between the regular user or an intruder based on the observed actions and behavioural cloning. In this last domain the goal is for an agent to learn to perform a task based on observations of users performing that task. This has been applied in game playing ....

Teresa F. Lunt. A survey of intrusion detection techniques. Computers & Security, 12(4):405-418, June 1993.


A Pattern Matching Based Filter for Audit - Reduction And Fast (2000)

....suffer from security vulnerabilities regardless of their purpose, manufacturer or origin. It is both technically hard and economically costly to ensure that systems are not susceptible to attacks. Two approaches have been proposed to address the problem: anomaly detection (see for example [1, 2]) and misuse detection (see for example [3]). The former suggests that user's activity in the system can be characterized so that a profile of normal utilization of the system is established and excursions from this profile are flagged as potential intrusions, or attacks in a more general sense. ....

Teresa F. Lunt. A survey of intrusion detection techniques. Computers and Security, 12, 1993.


Fast Multipattern Search Algorithms for Intrusion Detection - Kuri, Navarro, Mé (1999)   (1 citation)

....to the typical k values, it is important to avoid false positives (i.e. triggering unnecessary alarms for sequences that do not really represent an attack because k is too large) and to avoid false negatives (i.e. missing true attacks). Empirical values of k are typically between 6 and 10. See [17, 14, 13] for justifications of all these values. An extended version of this problem (namely searching allowing k differences, or allowing edit distance at most k) has received a lot of attention in the last decades [23] and some of the algorithms can be particularized to solve this problem for one ....

....are free from security flaws. Computer systems suffer from security vulnerabilities regardless of their purpose, manufacturer or origin. It is both technically hard and economically costly to ensure that systems are not susceptible to attacks. Two approaches have been proposed to address the problem [17, 9, 14]. A first approach, anomaly detection, suggests that user's activity in the system can be characterized so that a profile of normal utilization of the system is established and excursions from this profile are tagged as potential intrusions, or attacks in a more general sense. This approach ....

T. Lunt. A survey of intrusion detection techniques. Computers and Security, 12, 1993.


A Pattern Matching Based Filter for Audit Reduction.. - Kuri, Navarro..   (2 citations)

....suffer from security vulnerabilities regardless of their purpose, manufacturer or origin. It is both technically hard and economically costly to ensure that systems are not susceptible to attacks. Two approaches have been proposed to address the problem: anomaly detection (see for example [1, 2]) and misuse detection (see for example [3]). The former suggests that user's activity in the system can be characterized so that a profile of normal utilization of the system is established and excursions from this profile are flagged as potential intrusions, or attacks in a more general sense. ....

Teresa F. Lunt. A survey of intrusion detection techniques. Computers and Security, 12, 1993.


Cost-Benefit Analysis for Network Intrusion Detection.. - Wei, Frinke, Carter, Ritter (2001)

....conduct financial business online. The downside to this is that while online, we risk exploitation at the hands of others who may access our private information through the network. Many researchers and vendors have spent time and money in the development of sophisticated security monitoring tools [7, 9, 12, 16], such as firewalls and network intrusion detection tools. By implementing these tools, organizations may significantly reduce security risks. Unfortunately, most current detection mechanisms do not consider the cost of operating a network intrusion detection system as an important factor when ....

T. Lunt, A Survey of intrusion detection techniques, Computer & Security, p 405-418, 12, 1993.


Hippocratic Databases - Agrawal, Kiernan, Srikant, Xu (2002)   (12 citations)

....queries whose access pattern is different from the usual access pattern for queries with that purpose and by that user. The detector uses the Query Intrusion Model built by analyzing past queries for each purpose and each authorized user. This problem is related to that of intrusion detection [3] [34]. In our example, the profile for queries issued by customer service and tagged purchase might be that the query only accesses customers whose order status is not fulfilled, and that customer service queries cumulatively access less than 1000 records a day. Thus Mallory's queries will be flagged ....

T. F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, 1993.


Anomaly Detection in Embedded Systems - Maxion, Tan (2001)   (1 citation)

....traffic served as a sensor. In system event logs, many different measures are available [7]. As noted in [4], there can be many sensors measuring the state of a network, system or process. These sensors can be hardware or software, although recent trends have been mainly toward software sensors [8]. The data produced by such sensors are referred to as sensor data or a sensor data stream. The data in the sensor data stream can be numeric or categorical. Numeric data are usually continuous, are on a ratio scale, have a unique zero point, and have mathematical ordering properties (e.g. ....

....to as nominal data, are discrete, usually consist of a series of unique labels as categories, and have no mathematical ordering properties (e.g. an apple is not twice an orange) [9]. It seems likely that as computing power increases, more of the sensor data will be in the form of categorical data [8] [10] hence anomaly detectors will be required to operate primarily on categorical data, presenting a real challenge to developers and users of such sensors, because categorical data are much more difficult to handle statistically than numeric data are. This paper focuses on detecting anomalies ....

Teresa F. Lunt, "A survey of intrusion-detection techniques," Computers & Security, vol. 12, no. 4, pp. 405--418, June 1993.


Computer System Intrusion Detection: A Survey - Bechard (1999)   (2 citations)

....and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Defense Advanced Research Projects Agency, Rome Laboratory or the U.S. Government. Intrusion Detection 2 02 09 00 that essentially catalog different systems [Anderson80, Cannaday96, Liepens92, Lunt93b, Kumar94, Smaha94]. In this survey we attempt to determine the fundamental approaches and describe the essence of each approach. To be concrete, we use existing implementations to illustrate the mechanics of implementation of each approach. Intrusion detection involves determining that some entity, an intruder, has ....

Lunt, T.F. "A Survey of Intrusion Detection Techniques." Computers & Security 12 (1993) 405-418.


Towards Survivable Intrusion Detection - Wang, Knight (2000)

....that the intrusion detection mechanism should detect the tampering attempt before itself or its data is compromised. This assumption is unfounded and misleading for the following reasons: Clandestine users operating at a level below that which auditing occurs can elude the notice of auditing [1][6]. Attacks targeting the IDS may originate at these lower levels, bypass the detection mechanism, and ultimately corrupt the ID data or the mechanism itself. It is not always possible to discern suspicious behavior from normal patterns. An anomaly detection mechanism can be foiled if one can ....

T. Lunt, "A Survey of Intrusion Detection Techniques", Computers & Security, Vol 12, 1993, pp 405-418.


An Intrusion Tolerance Approach for Protecting Network.. - Cheung (1999)   (1 citation)

....by the corresponding authoritative sources. We present a DNS wrapper, also characterized by formal specifications, that enforces the security goal. We call our approach intrusion tolerance because it is based on prior work on intrusion detection and fault tolerance. Intrusion detection (e.g. [18, 27, 38, 46]) is a retrofit approach to improve the security of computer systems and networks. Intrusion detection systems detect and report security policy violations. To live with the existing systems and network infrastructures (i.e. the legacy system problem) intrusion detection improves their security ....

....scheme for protecting control packets in link state routing. Previous work such as [50, 51, 47, 26] either is very expensive computationally or has certain limitations, which will be discussed in Section 2.2. We use a detection diagnosis recovery approach, which is intrusion detection (e.g. [18, 38, 46, 27]) augmented with system diagnosis and reconfiguration (e.g. [52]). This approach is also used in Chapter 3 and in Bradley, et al.'s paper [6, 7] on protecting routing infrastructures from routers that incorrectly drop packets and misroute packets. Our main goal is to minimize the cost of ....

T.F. Lunt, "A Survey of Intrusion Detection Techniques." Computer and Security, June 1993, Vol.12, No.4, pp.405-418.


Model-based Fault and Intrusion Detection in X10 Powerline.. - Or Ki Ng

....examples of faults observed in Aladdin and faults one can expect to observe. Related Work. Other approaches to fault and/or intrusion detection include characterizing the illegal sequences generated by a fault as a pattern [3] or modeling illegal behavior in terms of expert system rules [4, 11]. Detection of a pattern or triggering of a rule, as the case may be, indicates the occurrence of the corresponding fault. Such approaches to fault detection are not always easily extensible, since a new fault not captured by the patterns or rules remains undetected. In contrast, the model based ....

T.F. Lunt. Survey of intrusion detection techniques. Computers and Security, 12(4):405-418, Jun 1993.


A Security Framework for Online Distance Learning and.. - Furnell, Onions.. (1998)

....for the remote student whom they are claiming to be. Such a profile could encompass a range of factors, including time of system accesses, facilities used and data accessed. The supervision could also consider a variety of general indicators that might be suggestive of an intrusion scenario (Lunt, 1993; Furnell et al., 1996). This approach would have the advantage of being achievable in software and, therefore, avoiding any associated financial cost per workstation (unlike using smart cards on conventional PCs). However, disadvantages could exist in terms of unreliability (particularly the ....

Lunt, T.F. (1993), "A survey of intrusion detection techniques", Computers & Security, Vol. 12, No. 4, pp405-418.


An Efficient Message Authentication Scheme for Link State.. - Steven Cheung Department (1997)   (37 citations)

....scheme for protecting control packets in link state routing. Previous work such as [16, 17, 14, 4] either is very expensive computationally or has certain limitations, which will be discussed in Section 2. We use a detection diagnosis recovery approach, which is intrusion detection (e.g. [2, 10, 13, 5]) augmented with system diagnosis and reconfiguration, inspired by work in fault tolerance. This approach is also used in Cheung's and Levitt's [1] paper on protecting routing infrastructures from routers that incorrectly drop packets and misroute packets. Our main goal is to minimize the cost of ....

T. Lunt. A survey of intrusion detection techniques. Computer and Security, 12(4):405--418, June 1993.


A Fault Tolerance Approach to Survivability - Ammann, Jajodia, Liu (1999)   (1 citation)

....the vulnerability to information warfare attacks [GSM96]. McDermott and Goldschlag [MG96a, MG96b] developed storage jamming, which can be used to seed a database with dummy values, access to which indicates the presence of an intruder. Lunt surveyed a variety of intrusion detection methods [Lun93]. 6 Summary We argue for a fault tolerance approach to survivability. Since no real system enjoys absolute integrity, corresponding models for these systems should explicitly address integrity losses. For example, damage markers make it easier to provide continued trustworthy service in systems ....

Teresa F Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


From Security to Safety and Back - Stavridou, Dutertre

....second class are systems that first build a profile of normal system or user behavior and report deviation from this profile as potential intrusion attempts. Intrusion detection systems rely on diverse tools such as expert systems, neural networks, statistical modeling, or data mining algorithms [14,17,18]. Such systems could provide the basic elements of intrusion tolerant architectures. The key issues of scalability and timely detection and reporting of anomalies remain to be solved, although recent progress has been made [30] 5 Conclusion ....

T. Lunt. A Survey of Intrusion Detection Techniques. Computers and Security, 12(4):405--418, June 1993.


Doing Intrusion Detection Using Embedded Sensors - Zamboni (2000)   (2 citations)

....and classify attacks. More recently, Forrest et al. [18] have applied classification techniques to sequences of Unix system calls to identify anomalous behavior in Unix processes. Also, Lane and Brodley [30] have used classification of command sequences to perform automatic user identification. Lunt [32, 33] has surveyed the most common host based intrusion detection and audit trail analysis techniques. The area of network based intrusion detection has also seen a good amount of work. One of the first implemented network based intrusion detection system was the Network Security Monitor (NSM) [23] ....

Teresa F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405-418, June 1993.


Data Security - Samarati, Jajodia (1999)

....log and produce reports and summaries regarding the events occurred, which can then be examined by the auditor. More sophisticated tools, also called intrusion detection systems, can also perform audit analysis and, automatically or semi automatically, point out possible violations or anomalies [34]. 4.2 Intrusion detection The basic assumption of intrusion detection systems is that each violation, or attempt of violation, translates in some observable on the events occurring in the system. Some approaches that can be used to define what constitutes a violation in terms of events occurred ....

T.F. Lunt. A survey of intrusion detection techniques. Computers & Security, 12(4):405--418, 1993.


A Combinatorial Profiling Model for Intrusion Detection and.. - Macula (2000)

....our model is similar to audit trail analysis, it also differs from traditional audit analysis in several ways. For example, our model doesn't require as much data storage, it isn't statistical in nature (although statistical methods can be incorporated) and no expert systems are involved. See [1]. Our model also has some similarities with the neural network approach to intrusion detection. However, there still remain major differences. When a neural network based approach detects an intrusion, it is often difficult or impossible to get information about which measure(s) contributed to ....

....However, our model can be used to profile any part of a system. Various intrusion detection measures can be used to profile individual users. A user measure is an aspect of user activity. We will focus on two types of measures, quantitative and binary. A list of possible measures is given in [1]. A binary measure is simply a Yes/No question about some aspect of user activity in a given period of time. For example, the value of the binary measure, Directory C usage, would be 0 for a given user if that user did not access directory C and would be 1 if the ....

T. Lunt., "A survey of intrusion detection techniques," Computers and Security, 12, pp. 405-418, 1993


On Achieving Fast Damage Appraisal in case of Cyber Attacks - Lala, al. (2000)

....and motivation for this research. Our proposed model and developed algorithms are presented in section 3. Section 4 concludes the paper. 2 BACKGROUND AND MOTIVATION There are numerous intrusion detection techniques available today that can identify the attacker. Several of these are presented in [9] and [11]. Following the detection of the attacking transaction, damage appraisal and recovery phases are carried out [6]. Over the last few years researchers have proposed new models and novel damage assessment and recovery techniques [6], [8], [10] and [12] to survive cyber attacks on ....

T. F. Lunt, "A Survey of Intrusion Detection Techniques", Computers & Security, Vol. 12, No. 4, p. 405-418, June 1993.


Intrusion Confinement By Isolation In Information Systems - Liu, Jajodia, McCollum (2000)   (4 citations)

....protocol in the file system context to evaluate the feasibility of the general solution, which can be applied in many types of information systems. 1. INTRODUCTION Recently there has been increasing emphasis on supplementing protection of networks and information systems with intrusion detection [Lunt, 1993, Mukherjee et al. 1994, Lunt and McCollum, 1998] and numerous intrusion detection products have emerged commercially. Recognizing that access controls, filtering, and other protection mechanisms can be defeated or bypassed by would be attackers who take advantage of remaining vulnerabilities, ....

Lunt, T. (1993). A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418.


Intrusion Detection in Real-time Database Systems Via Time.. - Lee, Stankovic, Son (2000)

....rule such that the to be update time is checked against the expected update time (condition) and reject the update (action) if the predicate returns false. In many cases, intrusion detection is based on monitoring an activity and comparing it with what is established as normal for that activity [8]. The ability to discriminate between a normal behavior of the activity and suspicious behavior depends on the range of fluctuations of normal behavior. When a suspicious behavior is detected, a security alarm is invoked and usually the system triggers a more detailed analysis for investigation. ....

Lunt, T., "A Survey of Intrusion Detection Techniques," Computers and Security, vol. 12, pp. 405-418, 1993.


Intrusion Confinement by Isolation in Information Systems - Liu, Jajodia, McCollum (2000)   (4 citations)

....general solution, which can be applied to many types of information systems. Key Words: Intrusion Confinement, Isolation, Intrusion Detection. 1 Introduction Recently increasing emphasis has been placed on supplementing protection of networks and information systems with intrusion detection [Lun93, MHL94, LM98] and numerous intrusion detection products have emerged commercially. Recognizing that access controls, filtering, and other protection mechanisms can be defeated or bypassed by would be attackers who take advantage of remaining vulnerabilities, intrusion detection systems monitor ....

....(file) that has been updated independently by two histories implies the resolution of the conflicts between these two histories. Therefore, in the file system context suspicious access actions need not be synchronized. 7 Related Work A substantial body of work has been done on intrusion detection [Lun93, MHL94, LM98] based on either detecting deviations from expected statistical profiles [JV94] or pattern matching against known methods of attack [Ilg93, GL91, PK92, IKP95, SG91, SG97, LWJ98]. In [JV94] the idea of setting multiple alert levels is proposed, where each alert level corresponds to a ....

T.F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405-418, June 1993.


A Fault Tolerance Approach to Survivability - Ammann, Jajodia, Liu (1999)   (1 citation)

....that determine the vulnerability to information warfare attacks [8]. McDermott and Goldschlag [16, 17] developed storage jamming, which can be used to seed a database with dummy values, access to which indicates the presence of an intruder. Lunt surveyed a variety of intrusion detection methods [14]. 6: Summary We argue for a fault tolerance approach to survivability. Since no real system enjoys absolute integrity, corresponding models for these systems should explicitly address integrity losses. For example, damage markers make it easier to provide continued trustworthy service in systems ....

Teresa F Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


Model-Based Vulnerability Analysis of Computer Systems - Cram (1998)   (2 citations)

....programs that have been operational for well over a decade, we clearly need alternative mechanisms to guard against vulnerabilities. Consequently, several recent research efforts have focussed on vulnerability analysis and intrusion detection techniques (which detect misuse by run time monitoring) [2, 10, 12, 13, 14] as a retrofit approach to secure existing systems. 1.2 Vulnerability Analysis: State of Art vs. New Approach Research efforts in vulnerability analysis have focussed primarily on identification of configuration errors such as improper file permission settings. Existing approaches [11, 4, 21] ....

T. Lunt, A survey of Intrusion Detection Techniques, Computers and Security, 12(4), June 1993.


Surviving Information Warfare Attacks on Databases - Ammann, Jajodia, McCollum.. (1997)   (8 citations)

....the attacker without creating undue complexity or consuming resources needed by the intended applications can be seen in each case. Detection techniques. The ability to detect signs that an information warfare attack is taking place is crucial. There is a body of work in intrusion detection [14], based on either detecting deviations from expected statistical profiles or pattern matching against known methods of attack, but it addresses detection primarily at the operating system level, although work is ongoing to extend it to networks of distributed systems. It does not yet provide any ....

T. F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


A Distributed Concurrent Intrusion Detection Scheme Based On .. - Upadhyaya, Kwiat (1999)   (2 citations)

....to develop countermeasures to deal with the attacks or intrusions since some of the attacks may succeed despite vigorous information security measures. It is almost impossible to close all security loopholes and guard against malicious break ins as well as abuse of systems by legitimate users [1]. One of 1 The work was supported, in part, by the US AFOSR 1998 Summer Research Program the countermeasures is to detect intrusions immediately and initiate recovery procedures to undo the damage. A variety of intrusion detection techniques and tools exist in the computer security community. ....

....and initiate recovery procedures to undo the damage. A variety of intrusion detection techniques and tools exist in the computer security community. Though these techniques follow different approaches for intrusion detection, audit trail analysis has been used as the last line of defense [1]. In these methods, the user behavior is monitored for certain patterns of abuse by looking at the audit data. Unfortunately, intrusion detection schemes based on audit trail analysis do not offer much in terms of damage containment because these approaches are passive, after the fact solutions ....

[Article contains additional citation context not shown here]

T. Lunt, "A survey of intrusion detection techniques," Computers and Security, vol. 12, pp. 405--418, 1993.


An Efficient Message Authentication Scheme for Link State Routing - Cheung (1997)   (37 citations)

....scheme for protecting control packets in link state routing. Previous work such as [16, 17, 14, 4] either is very expensive computationally or has certain limitations, which will be discussed in Section 2. We use a detection diagnosis recovery approach, which is intrusion detection (e.g. [2, 10, 13, 5]) augmented with system diagnosis and reconfiguration, inspired by work in fault tolerance. This approach is also used in Cheung's and Levitt's [1] paper on protecting routing infrastructures from routers that incorrectly drop packets and misroute packets. Our main goal is to minimize the cost of ....

T. Lunt. A survey of intrusion detection techniques. Computer and Security, 12(4):405--418, June 1993.


Protecting Routing Infrastructures from Denial of Service.. - Cheung, Levitt (1997)   (25 citations)

....but authentic routing control packets. Thus when we remotely download router software to routers or configure routers, we need to use secure remote access protocols. Finn's report [5] is a good source of background information on the vulnerabilities of computer networks. Intrusion detection (e.g. [4, 6, 9, 15]) is a retrofit approach to improve the security of computer systems and networks. Intrusion detection systems detect and possibly respond to policy violations. A fundamental assumption of intrusion detection is that we have to live with existing systems and network infrastructures. Thus changes ....

T.F. Lunt, "A Survey of Intrusion Detection Techniques." Computer and Security, June 1993, Vol.12, No.4, pp.405-418.


Detecting Anomalous and Unknown Intrusions Against Programs - Ghosh, Wanken, Charron (1998)   (20 citations)

....Intrusion detection techniques can be partitioned into two main approaches: misuse detection and anomaly detection. Misuse detection methods attempt to model attacks on a system as specific patterns, then systematically scan the system for occurrences of these patterns [Kumar and Spafford, 1996, Lunt, 1993, Garvey and Lunt, 1991, Porras and Kemmerer, 1992, Ilgun, 1992, Monrose and Rubin, 1997]. This process involves a specific encoding of previous behaviors and actions that were deemed intrusive or malicious. Anomaly detection assumes that intrusions are highly correlated to abnormal behavior ....

....intrusions are highly correlated to abnormal behavior exhibited by either a user or an application. The basic idea is to baseline normal behavior of the object being monitored and then flag behaviors that are significantly different from this baseline as abnormalities, or possible intrusions. See [Lunt, 1993, Lunt and Jagannathan, 1988, Lunt, 1990, Lunt et al. 1992, D'haeseleer et al. 1996, Porras and Neumann, 1997] for sources on anomaly detection approaches. The most significant disadvantage of misuse detection approaches is that they will only detect the attacks for which they are trained to ....

Lunt, T. (1993). A survey of intrusion detection techniques. Computers and Security, 12:405--418.


Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)   (31 citations)

....potential attacks by scanning audit logs for signs of intrusive behavior or for departures from normal behavior. The Intrusion Detection Expert System (IDES) developed at SRI performed intrusion detection by creating statistical profiles for users and noting unusual departures from normal profiles [16]. IDES keeps statistics for each user according to specific intrusion detection measures, such as the number of files created and deleted each day. These statistics form the statistical profile of each user. The profiles are periodically updated to include the most recent changes to the user's ....

....characteristic pings to the range of network services across many machines. Today, there are generally two types of intrusion detection systems: anomaly detection and misuse detection. Anomaly detection approaches attempt to detect intrusions by noting significant departures from normal behavior [7, 5, 20, 18, 15, 17, 16]. Misuse detection techniques attempt to model attacks on a system as specific patterns, then systematically scan the system for occurrences of these patterns [22, 14, 10, 9, 19]. This process involves a specific encoding of previous behaviors and actions that were deemed intrusive or malicious. ....

T.F. Lunt. A survey of intrusion detection techniques. Computers and Security, 12:405--418, 1993.


Application-Level Isolation to Cope With Malicious Database.. - Jajodia, Liu, McCollum (1998)   (4 citations)

....Jajodia and McCollum were partially supported by Rome Laboratory, Air Force Material Command, USAF, under agreement number F3060297 1 0139. 1 Introduction Recently there has been increasing emphasis on supplementing protection of networks and information systems with intrusion detection [7, 10]. Recognizing that access controls, filtering, and other protection mechanisms can be defeated or bypassed by would be attackers who take advantage of remaining vulnerabilities, intrusion detection systems monitor system or network activity to discover attempts to disrupt or gain illicit access to ....

....our static conflict resolution methods. In Section 6 we propose a method to resolve conflicts dynamically. Section 7 extends our isolation protocol to deal with multiple suspicious users. Section 8 concludes the paper. 2 Related Work There is a substantial body of work in intrusion detection [7, 10], based on either detecting deviations from expected statistical profiles or pattern matching against known methods of attack. The detection, however, primarily focuses at the operating system level. Although work is ongoing to extend it to networks of distributed systems, it does not yet provide ....

T. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


Using Agents to Secure the Internet Marketplace.. - Rasmusson, Rasmusson, .. (1997)   (2 citations)  (Correct)

....no hard results on the effectiveness of the approach yet, but will give a short overview of the key ideas below. Reactive security approaches have been used in Intrusion Detection systems (for Network Management) for a long time and have proven useful for detecting hackers and internal misuse [2, 1, 5]. The Assistant is a tool for giving the user increased confidence that a program does not misbehave, but the notion that there is an actual risk when a program is granted resources is not disposed of. A security assistant should be seen as a tool for understanding and managing these risks. This ....

Teresa F Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


Abstraction-Based Misuse Detection: High-Level.. - Lin, Wang, Jajodia (1998)   (14 citations)  (Correct)

....rule based system in IDES and NIDES can be seen as a misuse detection system. However, the rules must be written in a very low level language. The expertise incorporated in the expert system is only as good as that of the security officer whose skills are modeled, which may not be comprehensive [18]. The system is not easy to use and unlike our design, the matching algorithm (forward chaining) is fixed. A state transition analysis tool for intrusion detection (STAT) [21, 22] and a real time intrusion detection system for UNIX (USTAT) [8, 6, 7] are the examples of using state transition ....

T. F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405--418, June 1993.


Intention Modelling: Approximating - Computer User Intentions   (Correct)

No context found.

Lunt T.F. (1993) A Survey of Intrusion Detection Techniques, Computers and Security, 12, 405-418.


Authentication, Access Control, and Audit - Ravi Sandhu George (1996)   (1 citation)  (Correct)

No context found.

LUNT, T. F. 1993. A survey of intrusion detection techniques. Comput. Security 12, 405-- 418.


Design and Implementation of Property-Oriented Detection.. - Wang, Gong, Wu, Qi (2001)   (Correct)

No context found.

Teresa F. Lunt, "A survey of intrusion detection techniques," Computers & Security, vol. 4, no. 12, pp. 405--418, December 1993.


Survivable Monitoring in Dynamic Networks - Ateniese, Riley, Scheideler (2004)   (Correct)

No context found.

T.F. Lunt. A Survey of Intrusion Detection Techniques. Computer & Security 12 (1993) 405-418.


Intrusion Detection: A Study - Blomqvist, Skantze (1995)   (1 citation)  (Correct)

No context found.

Teresa F. Lunt. A Survey of Intrusion Detection Techniques. Computers and Security, 12(4):405--418, June 1993.


Security Issues for Automated Information Systems - Irvine (2000)   (1 citation)  (Correct)

No context found.

Lunt TF. A Survey of Intrusion Detection Techniques. Computers and Security, 12: 405--418, 1993.


Panoptis: Intrusion Detection using a Domain-specific Language - Spinellis, Gritzalis (2002)   (Correct)

No context found.

T. Lunt. A survey of intrusion detection techniques. Computers and Security, 12(4):405--418, June 1993.


Cybersecurity Considerations for Information Systems - Cynthia Irvine Center (2004)   (Correct)

No context found.

Lunt, T. F. (1993). A Survey of Intrusion Detection Techniques. Computers and Security, 12: 405-- 418.


An Analytical Framework for Reasoning about Intrusions - Upadhyaya (2001)   (Correct)

No context found.

T. Lunt, "A Survey of Intrusion Detection Techniques", Computers and Security, Elsevier Science Publishers Ltd., vol. 12, 1993, pp. 405-418.


On Preventing Intrusions by Process Behavior Monitoring - Sekar, Bowen, Segal (1999)   (6 citations)  (Correct)

No context found.

T. Lunt, A survey of Intrusion Detection Techniques, Computers and Security, 12(4), June 1993.


Building Survivable Systems: An Integrated.. - Bowen, Chee.. (2000)   (1 citation)  (Correct)

No context found.

T. Lunt, A survey of Intrusion Detection Techniques, Computers and Security, 12(4), June 1993.


A High-Performance Network Intrusion Detection System - Sekar, Guang, Verma, Shanbhag (1999)   (12 citations)  (Correct)

No context found.

T. Lunt, A survey of Intrusion Detection Techniques, Computers and Security, 12(4), June 1993.


A Specification-Based Approach for Building Survivable Systems - Segal (1998)   (4 citations)  (Correct)

No context found.

T. Lunt, A survey of Intrusion Detection Techniques, Computers and Security, 12(4), June 1993.


Intrusion Detection: A Bibliography - Mé, Michel (2001)   (Correct)

No context found.

Lunt, T. F. (1993b). A Survey of Intrusion Detection techniques. Computers and Security, 12(4):405--418.


Teaching Introductory Computer Security at a Department of .. - Irvine, Stemp, Warren (1997)   (2 citations)  (Correct)

No context found.

Lunt, T. F., A Survey of Intrusion Detection Techniques, Computer and Security, Vol. 12, pp. 405-418, 1993.


CiteSeer.IST - Copyright Penn State and NEC